Outsourcing To India - Legal And Tax Considerations:
Over the last few years, India has emerged as a leading destination for companies wishing to outsource their software development, and business process requirements. International companies have either entered into contracts with Indian service companies or set up their own facilities through Joint Ventures and Indian subsidiaries.Indian Government has been a catalyst in the growth of the Indian software and BPO industry through the tax incentives provided to exporters. These incentives are aimed largely at maximizing exports, thereby resulting in an inflow of foreign exchange into India. Industrial policy reforms have eliminated the licensing requirements except for certain select sectors, removed restrictions on investment and expansion and facilitated easy access to foreign technology and direct investment. This has contributed to increased inflow of foreign exchange into India.Foreign Investment PolicyForeign investment is permitted in virtually every sector, except those of strategic concern such as defence (opened up recently to a limited extent) and rail transport. Foreign companies are permitted to set up Wholly Owned Subsidiaries in India. No prior approval from the exchange control authorities (RBI) is required, except for certain specified activities. The investment should be in accordance with the prescribed guidelines and the details of the investment should be filed with the authorities within the prescribed time limit. This investment procedure is commonly known as the "automatic approval route".Foreign Investment Promotion Board (FIPB) of the Government of India is constituted mainly to promote inflow of FDI into the country, as also to provide appropriate institutional arrangements, transparent procedures and guidelines for investment promotion and to consider and approve proposals for foreign investment.Automatic approval route and FIPB routeForeign investment into India is governed by the Foreign Direct Investment (FDI) policy of the Government and the Foreign Exchange Management Act, 1999 (FEMA). With increasing liberalisation of the Indian economy, generally, there is no need to obtain prior approval of the Government of India for a fresh investment to be made into an Indian company (only procedural filings have to be made with the Reserve Bank of India (RBI), the Indian central bank). In certain cases, however, and also for investment in certain specified sectors, prior approval is required. Further, investment in certain specified sectors is subject to foreign equity caps.Outsourcing vs. Software Development CentreThe determination of whether to outsource to an Indian software services company or set up one’s own facility is largely a business decision. A long term requirement could make investment in a subsidiary worthwhile. Recent transfer pricing regulations may however have an impact on the pricing of the services provided by the subsidiary. A requirement for highly specialized work may also point to setting up one’s own facility. The need to exercise control over valuable intellectual property and maintenance of confidentiality is also a key factor. The slowdown since 2001 has also seen some hybrid structures, for e.g., where the Indian company sets up a separate entity, is assured a steady stream of business and grants the customer an option to purchase the business later. This would have the effect of leveraging on the benefits of outsourcing while sheltering the associated risks.Software Outsourcing ArrangementsContractual ProtectionWhere at least one party is a foreign entity, the parties can choose the law governing the contract. The negotiating power of international customers would typically weigh in favor of choosing a governing law of the customer. The parties may also choose a foreign venue for arbitration. A Foreign arbitral award would be recognized in India if the country of venue has signed either the New York or Geneva conventions and has been notified as having reciprocal relations with India in the matter of enforcement of foreign awards. A foreign arbitral award would generally be more easily enforced in India than a foreign court judgment.If dispute resolution is to be held in India, it is generally recommended that the parties opt for arbitration because litigation in India can be long drawn and subject to delays. However, it is possible to obtain quick injunctive relief in case of intellectual property violations.Contract Liability ConcernsIndian law does not contain statutory provisions or case law dealing specifically with liability issues arising from development of software. However, customers should keep in mind that under Indian law, compensation can be awarded for breach of contract only in relation to damages that naturally arise in the usual course of things and which the parties knew would result from such breach. It cannot extend to any remote or indirect losses. Further, Indian courts rarely award large damages for breach of contract. Delays in the justice system also make speedy recovery of money difficult. This may impact the ability of customers to recover fees paid or obtain damages in Indian courts.Copyright and Protection of Intellectual PropertyIt is generally difficult to patent software programmes in India. Under copyright law, the software developer, being an independent contractor, would be the author of the works and therefore, the owner. However, Indian law permits the parties to agree that the customer would be the owner of the copyright. Under Indian law, in the absence of anything to the contrary, it is presumed that an assignment or license of a copyright work would be limited to 5 years and to the territory of India. Further, the assignment may lapse if the work product is not made use of within one year. Accordingly, the contract would need to mention specific language to overcome these presumptions. An assignment agreement must also specifically describe the work to be assigned. It is important to note that the knowing violation of copyright in India is a criminal offence. It is possible to obtain reasonably quick injunctive relief from Indian courts for intellectual property violation. However, it is important that the customer chooses an IP friendly jurisdiction. The Business Software Alliance has had some success in obtaining Anton Pillar orders from Indian courts and conducting raids on distributors of pirated software. Another remedy that could be used is criminal breach of trust, if the developer has misused proprietary software or know-how provided by the customer.India does not have a statute governing the protection of confidential information and trade secrets. Further, there is no statute dealing with data protection or privacy matters. One would typically obtain protection through a civil action under common law. Recently, the central government and some state governments have expressed an interest in bringing forth a separate legislation for data protection in an effort to attract more investment in BPO activities. Another option would be to file an action for criminal breach of trust. This is based on the principle that confidential information is provided “in trust" and any misuse would amount to a breach of trust. Criminal action has its advantages in that the individuals involved will be put to inconvenience in terms of personal appearance before the court, the perceived stigma and the restrictions on traveling out of India.Tax IssuesUnder Indian law, software and BPO companies would typically be exempt from tax in relation to income earned from export of software out of India if the fees are received in convertible foreign currency. This may affect certain types of outsourcing arrangements, for example, where the customer wishes to outsource the work from its existing Indian subsidiary. Payment of fees in Indian Rupees could significantly increase the cost, because the developer would seek to recover the tax payable on its margins. Another important issue is the possibility that the customer may be held to have a permanent establishment in India if it transfers testing equipment to the developer for use while developing the software.Another relevant issue is the taxation on Information Technology related services. In an attempt to boost the growth of software exporting, Government of India has exempted export of services and also secondary services consumed in exported services from service tax.As mentioned earlier, India’s software companies are largely exempt from tax. However, it is possible that the exemption may be removed or substantially reduced in the future. In such event, the Vendor would seek to increase its fees. The customer must recognize this as a reasonable possibility and perhaps, obtain fixed, tax inclusive costs, at least in the short term.Outsourcing Through Ownership ModelForeign Investment RegulationsSoftware development and BPO services is now under the automatic route and no foreign investment approvals are required to set up a wholly owned subsidiary; only certain filings need to be made after receipt and issue of share capital. However, acquisition of shares in an existing Indian company may still require a prior foreign investment approval. Choice of Vehicle - Private CompanyMost foreign corporations set up their subsidiaries as private limited companies with liability limited by share capital. This entity is similar but not identical to an unlisted C Corporation in the USA and has no flow-through taxation. A private company can have a maximum of 50 shareholders (excluding employees), must restrict the transferability of its shares and is prohibited from making invitations to the public for subscription to shares, debentures or deposits. A private company is generally less regulated than a public company. It must have at least 2 shareholders. Regulations relating to personal presence of shareholders at shareholder meetings, and limitations on transfer of shares under exchange control laws would require a careful structuring of share capital investment into the subsidiary.Funding the VentureRestrictions imposed by Indian exchange control laws on the ability of an Indian company to obtain short term debt from abroad make it difficult to fund the subsidiary through loan funds. Inflexible buy back regulations make a buyback of share capital difficult. Hence, the parent would typically seek to fund only the capital costs through share capital. One could possibly consider funding the operating expenses by the holding company making trade advances to the subsidiary for services to be performed. Software Technology Park UnitsMost foreign corporations interested in engaging in development of software and BPO services in India set up their Indian subsidiaries as Software Technology Park (STP) Units. This is not a separate legal entity but merely a status obtained from the government. The STP status entitles the company to substantial tax benefits, subject to it meeting certain export commitments. An STP unit would need to be a customs bonded area. This means that it can be at a location of the Company’s choosing but must be in an area demarcated specifically for STP operations. Some formalities on entry and removal of goods would apply. In practice, most companies handle these requirements with ease.Activities of an STPThe permitted activities of an STP do not cover just software development activities. An STP’s activities could include (a) software development (b) hardware design, digital signal processing; and (c) business process outsourcing, including medical transcription services, customer relations, document processing and call centres. On site services through deputed personnel would also be covered.Because an STP is supposed to be engaged primarily in export activities, its ability to make sales within the Indian market is limited to the equivalent of 50% of its total exports. Further, restrictions under both STP regulations and tax laws would limit the ability of the Indian subsidiary to outsource work to another Indian STP.Export Requirements for STP Units The export related commitments that need to be satisfied by an STP Unit are driven largely by the Government’s objective of maximizing the country’s foreign exchange reserves. These commitments are as follows:# Exports of US$ 0.25 million or 5 times the CIF value of imported capital goods, whichever is higher (if no capital goods are imported, the US$ 0.25 million requirement would apply).# An annual Net Foreign Exchange Earnings as a Percentage of Exports (NFEP) of 10%. This means that the inflow of foreign exchange earned by the company should be at least 10% more than the outflow of foreign exchange out of India. Both the requirements need to be satisfied over a period of 5 years. The value of capital goods would cover the entire CIF value - cost, insurance and freight. However, the value of exports would cover only the landed cost. Further, it may be noted that in considering the outflow of foreign exchange, the dividend distributed to the holding company would also need to be considered. Income Tax BenefitsAn STP Unit in India would be entitled to enjoy the remainder of a 10 year tax holiday commencing from April 1, 2000 to March 31, 2009. (The Indian tax year runs from April 1 to March 31). The tax benefit would apply only if the software/service is exported out of India and payment is received in convertible foreign exchange. It would also not cover profits earned from domestic business or income other than from STPI services. The tax holiday will not cover dividend distribution.The STP Unit cannot be set up as a result of the re-organization or break up of an existing business and not more than 20% of its hardware should constitute hardware previously used by another business. Hence, in an acquisition, a careful structuring may be required in order to preserve the tax holiday.Transfer Pricing RegulationsIndian tax laws have recently included provisions relating to transfer pricing, requiring pricing of transactions between associated enterprises to be at arms length. Even in the case of a tax exempt software company, this assumes significance because if the tax authorities conclude that the consideration payable to the Indian subsidiary is not at arms length, the enhanced income determined by the authorities would be subject to tax and would be the basis of possible penalties. Typically, companies opt for a cost plus method (between 7-15%) or standard per diem rates. Since these developments are relatively recent, there is no consensus yet on what would be an acceptable pricing formula.Indirect Tax An STP company can import capital goods and consumables without payment of any customs duty. However, the higher the value of imported goods, the higher will be the export commitment, as above. The company would also be exempt from payment of excise duty on manufacture of goods, when purchased from the manufacturer and can claim a refund on sales tax paid by the supplier on sale of the product to the STP.Tax Benefits for Non-STP CompaniesEven if a software exporting company does not have an STP unit, it can avail of the general exemption for profits derived from export of computer software under Indian tax laws. At present, 30% of such export income is tax exempt. Procedure for Setting up the STPSetting up the STP Unit involves compliance with numerous regulatory procedures that would typically take about 3 months. After company incorporation, a detailed STP application has to be prepared, that would include the prescribed application form, a project report, projected 5 year accounts and details of expenses and foreign exchange remittances. This would involve substantial work from the company officials. After obtaining the STP registration, certain other formalities need to be completed relating to customs bonding and obtaining tax registrations.Operating a Business in India - Key Regulatory IssuesCompany Law - Indian company law is based on the English Companies Act of 1948. Key requirements include mandatory board and shareholder meetings, shareholder approval in respect of certain matters, appointment of officers, restrictions on loans and investments, etc.Exchange Control - The Indian Rupee is fully convertible on the current account though control remains on the capital account. Doing business in India involves wading through India’s complex exchange control regulations that restrict the remittance of foreign exchange out of India.Employment Laws - Indian employee laws are considered to be somewhat restrictive in terms of requirements relating to lay offs, closure of business, etc. BPO companies need to be particularly concerned about rules relating to flexible working hours, holidays and employment of women at night as well as regulation of leave policiesStock Options - Exchange control restrictions that limited the amount that an employee could remit out of India for purchase of foreign stock have been lifted in the case of listed stock of holding companies. Subject to the employer fulfilling certain requirements, employees receiving foreign stock can also claim a tax status similar to the ISO status in the USA.To conclude in India many believe that it is just the right "climate" for entrepreneurial development and in 2007 India is the place to be in. It provides a great combination of skill and competency. Combine that with the right investment climate and the ever improving technological efficiency, you find that the great Indian time has arrived. The India boom is here to stay. The heat is on and it's only getting hotter.


Business Method Patents - Two Opposing Views
An invention which is a solution to a technical problem is protected by way of Patent. This protection is available for specified period (usually 20 years) during which the patentee holds certain exclusive rights with regard to exploitation of his invention. In return, the patent holder is obliged to publicly disclose his invention which adds into the technical knowledge bank of the world. The aim of granting patent protection is to encourage economic & scientific development by rewarding the inventor for his intellectual creations.Business Method Patents are a special category of patents which are granted for an innovative way of doing business. The methods or process which can be patented under this category includes teaching methods, sales skills, financial services, investment services and marketing & advertising methods etc. Even skills for playing a game may be protected by way of Business Method Patents. Most of these patents are implemented by way of computers. Before 1998 patent protection was not available to business methods; however the decision of Court of Appeals for Federal Circuit (U.S.) in State Street Bank Case completely changed the situation. Between 1998 to present, the business method patent applications have increased significantly. From their beginning, business method patents are always in controversy to their subject matter. The issue is not confined to United States only but to major economies of the world. The Two major views came out of this controversy, one is against issuing patent protection to the subject matter (European Commission’s position) and second is advocating for business method patents (i.e. United States’ Position). The major arguments of the above two opposing views with regard to Business Method Patents are as follows:A. The European Commission’s Position on the Impact of Business Method Patents:The business method patents should not be allowed because:1. Science is something different than business. Patent system and its principles are better for science and not for business. 2. Issuance of business method patents hampers free development of the Internet & e-commerce. Innovation comes from competition in an open and fair market and not from the monopolistic market. 3. Issuance of business method patents keeps the small and medium sized firms / individuals out of the game because big players will take out most of the patents and play the game as per their terms.4. Issuance of business method patents does not stimulate innovation but rather it rewards existing monopoly right holders who do not distribute wealth and opportunities but rather it strengthens the present structure of power.5. Every method of doing business over Internet (i.e. e-commerce) involves technology which can be patented individually. Neither every method/way can be patented nor it is possible to license each of the associated patents. It will have exorbitant costs and will be very risky and uncertain to launch such a product based on the business method patent in the market. 6. Subject matter for most of the business method patents is obvious and issuance of business method patents on such broad subject matter will harm other businesses. Grant of 1-click patent to Amazon, severely harming the other online trading businesses.7. The global patent industry acts as an unregulated monopoly and it is unbalancing the system of property rights that underpin the software industry. B. The United States’ Position on the European allegations that Business Method Patents causes Uncertainties:The business method should be evaluated like the other patents because:1. The only constitutionally permissible purpose of the patent system is to promote Science and useful arts and the same should be applied with respect to business method patents. E-commerce is no different than science.2. Patent system provides incentive to the creator for his research & development and promotes further innovation.3. Earlier economy was based on the means of production but today’s economy is based heavily on information and knowledge and business method patents are a natural protection for useful applications of information and knowledge. It would be ironic if the patent system, which has been essential in creating the current economy, now has no place in the Information and knowledge age.4. Patent system will promote disclosure of inventions. Once the business methods are employed on the Internet in e-commerce, they can be easily copied and this will help to promote innovation. 5. A business method patent may be the sole asset of an Internet startup company, other than the accumulated knowledge of the personnel. It also helps up to value the startup company and gives a competitive advantage. Investors are more likely to invest in a startup company if the company is easier to value and is able to offer security for an investment in the company.6. Priceline.com (much criticized business method patent – reverse auction system) offers an example of a business method patent providing an incentive to innovate; it lured hundred of millions of investment dollars to finance its attempt to practice its business method patents. Without the patent protection, the investors are not going to invest with Priceline.com7. Adoption of copyright principles to evaluate patentability of business method adds unnecessary complications without providing a benefit.8. The mere listing of patents and litigation is not a sufficient evaluation of whether business method patent provide a net benefit to the society.The issue is still open-ended and needs some better approach to harmonize of dissimilar interests.However, if we go minutely, we will find that patent protection for business method patents is available in virtually every major market of the world provided that the business method must utilize some tangible technology such as hardware embedded softwares. The solutions provided by such business method patents are making a contribution in the development. Considering the importance of Business Method Patents in the era knowledge economy where e-commerce is expanding at an enormous speed, the world leaders should arrive at a consensus and such a consensus will be beneficial for all the nations and further economic & scientific development.

chances of data theft in outsourcing....,
India has successfully claimed a significant share of the offshore business process outsourcing (BPO) market, but recently, there have been allegations that call center employees there have stolen data entrusted to their employers. As a result, concerns have risen about the security of data held by Indian service providers, and companies that outsource to India are seeking out the remedies that are available to them to deal with and prevent the misuse of data in India. Preventative MeasuresThe National Association of Software and Service Companies (Nasscom), one of the most recognized and vocal trade organizations in the IT software and services industry in India, has established several measures to address data security concerns regarding service-provider employees. Earlier this year, Nasscom launched a National Skills Registry for IT professionals to help employers conduct background checks by tracking certain information about employees, such as employment history. More recently, Nasscom announced plans to set up an independent, self-regulatory organization to set and monitor data security and privacy best practices by outsourcing service providers in India. Service providers in India are also increasingly adopting compliance programs and comprehensive security audits, including personnel and equipment audits to prevent misuse of sensitive information and data. Compliance programs include training of employees to enhance awareness of confidentiality and of managers with regard to securing computer systems, common threats to information security, access-control techniques, risk assessment and management, intrusion detection, authentication and other issues. Enforcement agencies in India also work with business process outsourcers to conduct workshops aimed at improving employees’ knowledge and skills in the area of the misuse of data. However, despite the preventative measures, non-Indian companies should still be aware of their remedies in the event of a data security breach in India. Laws Relating to Data Security in IndiaThe Indian legal system is substantially based on the British common law system. While there is no omnibus Indian data security law, there are several laws that apply to data theft or misuse in India. Typically, when an incident involving data occurs, a complaint is filed for theft, cheating, criminal breach of trust, dishonest misappropriation of data and/or criminal conspiracy under the provisions of the Indian Penal Code (IPC) of 1846 and for hacking under the Information Technology Act (ITA) of 2000. Many of these offenses under the IPC and the ITA allow for an arrest without a warrant, are nonbailable and carry penalties that range from one year to life imprisonment, as well as fines. Moreover, certain offenses carry higher penalties when the offender is an employee, a public servant, a merchant, an attorney or an agent. For example, misappropriation of data by criminal breach of trust could lead to imprisonment for up to three years. However, when the criminal breach of trust is carried out by an employee -- i.e., if the data is dishonestly misappropriated and converted by an employee for his own use -- the penalty increases to imprisonment for up to seven years. Further, when the offender is a public servant, merchant, attorney or agent, the penalty can be as high as life imprisonment. In addition to these criminal affairs, civil proceedings for copyright infringement under the provisions of the Copyright Act (CA) of 1957 and the Specific Relief Act (SRA) of 1963 are also typically initiated to prevent the misuse and dissemination of data. The penalties under the CA and the SRA can range from hefty fines and damages to temporary and permanent injunctions. Over and above the laws currently in place, the Indian government is in the process of amending the ITA to deal with data privacy and security issues. The proposed amendments are currently being reviewed by the Ministry of Law, Justice and Company Affairs before being presented to the Indian Parliament. They include provisions that would empower the central government to make rules concerning control processes and procedures to ensure adequate integrity, security and confidentiality of electronic records and rules prescribing modes of encryption for data security. Enforcement ProceduresThere are several options open to a company that is dealing with a data misuse or theft incident in India. Generally, a criminal complaint under the provisions of the ITA, the IPC and the CA for theft, misappropriation or misuse of data and infringement of copyright is filed with the police station that has jurisdiction over the area where the security breach occurred. The local police officers, however, may not be in a position to properly investigate a data security incident, since not all officers are adequately trained to deal with cybercrime cases. Thus, in the alternative, the criminal complaint can be made to Anti Cyber-Crime Cells set up by the state police departments. These Anti Cyber-Crime Cells have been established to investigate and prosecute cases of data theft and copyright infringement, as well as other cybercrime cases. Anti Cyber-Crime Cells of several state police departments organize training programs for investigators concerning data protection and use of advanced equipment to investigate data security incidents. In fact, the U.S. Department of State recently trained Indian cybercrime investigators on investigating techniques. The officers at Anti Cyber-Crime Cells have the power to seize infringing or stolen data by conducting searches and raids on the premises of the alleged offenders and can also prosecute the offenders in the criminal court that has jurisdiction over the police station where the complaint was registered. The law enforcement agencies also have the power to arrest offenders and keep them in custody during the course of the investigation and prosecution unless bail is granted to the offenders by the court. If a company believes that the local police station and/or the Anti Cyber-Crime Cell do not have the requisite expertise to investigate a data security incident, the company may make a formal complaint with the Central Bureau of Investigations (the CBI) of the government of India under the provisions of the ITA, the IPC and the CA. The CBI is an autonomous agency and has professionally trained the Anti Cyber-Crime Units in various states to investigate data security incidents. If the officer investigating the complaint determines that a prima facie offense has been committed, he can register the complaint and file a charge sheet with the criminal court. In addition, complaints alleging offenses under provisions of the ITA can also be made to the controller of certifying authorities. Upon receipt of a complaint, the controller of certifying authorities investigates allegations and can order punishment of an offender under the provisions of the ITA. Since the controller of certifying authorities is a quasi judicial authority, an appeal against its orders can be made only in the State High Court. Finally, in addition to or in lieu of a criminal complaint, a civil suit seeking damages and an injunction to restrain the misuse and misapplication of data can be filed under the provisions of the CA and the SRA. A civil court can issue an interim temporary injunction pending final adjudication of the civil suit. Issues in the Indian Legal SystemWhile several measures have been put in place to deal with data security issues, some concerns still remain regarding the Indian legal system. Indian courts are overburdened – in 2005, the lower courts had over 20 million pending cases, while the high courts had over 3 million. Delays in the system are common, and an average case can take several years to be resolved. However, things are changing. Several measures are under way, and the prime minister and chief justice of the Indian Supreme Court have committed to dealing with the issues facing the Indian courts. Further, the system itself, while slow, works. More importantly, as previously discussed, several preventative measures are being put into place by the service providers themselves to deal with data security and privacy issues. ConclusionUnfortunately, data breaches have occurred and will probably continue to occur in many parts of the world. Fortunately for companies that have sent data to India -- whether via an offshore outsourcing or otherwise -- the government of India has responded to the concerns raised about data security issues, and proven methodologies have been used and refined to minimize the damage, punish the offender and deter the tempted. Obviously, there are many steps that a non-Indian company can and should undertake to minimize its risk. For example, it can conduct due diligence and risk assessments when choosing service providers, implement appropriate contractual measures designed to meet its objectives, monitor the service provider’s compliance and make adjustments to reflect modified risks. A combination of all these measures should go a long way toward minimizing both the incidence and consequences of data theft and misuse incidents in India.